global-buffer-overflow in lou_logFile() when long filename is given #1301
Comments
I checked other Except for the Lines 100 to 105 in 018edce
The max size of the src buffer (i.e., Lines 260 to 275 in 1cf7687
While the size of the dest buffer (i.e., However, the above is my static analysis result, and for now I cannot trigger the overflow from the program or API entry.
Should I commit the fix together with #1300, or open a new pull request?
Hi @Marsman1996, please open a new PR for this issue, thanks
Hi, I opened a new PR #1302 to fix this problem.
Summary
When a long filename (larger than 256) is given to the API lou_logFile(), there will be a global-buffer-overflow.
liblouis/liblouis/logging.c
Lines 121 to 130 in 517f6f1
Test Environment
Ubuntu 16.04.3 LTS
liblouis (master, 6223f21)
How to trigger
$ clang -g -fsanitize=address,fuzzer ./driver-API-6223f21-lou_logFile-BO.c ./bin_asan/lib/liblouis.a -I ./bin_asan/include/liblouis/ -o driver-API-6223f21-lou_logFile-BO
$ ./driver-API-6223f21-lou_logFile-BO poc-API-6223f21-lou_logFile-BO
ASAN report
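An added example, not code from liblouis or from this issue: one way to guard a fixed-size global filename buffer against the overlong input described in the summary, by rejecting names that do not fit instead of copying them. The 256-byte size is taken from the summary; the buffer name, function names and return codes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the summary says names larger than 256 trigger the overflow. */
#define LOG_NAME_MAX 256

/* Hypothetical stand-in for a library's global log-filename buffer. */
static char saved_log_name[LOG_NAME_MAX] = "";

/*
 * Hypothetical hardened setter. Returns 0 on success, -1 if the name is
 * NULL, empty, or does not fit together with its terminating NUL.
 * The unsafe pattern this replaces is an unbounded copy into the
 * fixed-size global, which writes past its end for long names.
 */
int set_log_file_name(const char *file_name) {
    const char *nul;
    size_t len;

    if (file_name == NULL || file_name[0] == '\0') return -1;

    /* Look for the terminator within the first LOG_NAME_MAX bytes only. */
    nul = memchr(file_name, '\0', LOG_NAME_MAX);
    if (nul == NULL) return -1; /* too long: reject rather than truncate */

    len = (size_t)(nul - file_name);
    memcpy(saved_log_name, file_name, len + 1); /* len + 1 <= LOG_NAME_MAX */
    return 0;
}

const char *get_log_file_name(void) { return saved_log_name; }

/* Constructed input: a name made of n 'A' characters. */
int try_name_of_length(size_t n) {
    char name[1024];
    if (n >= sizeof name) return -2;
    memset(name, 'A', n);
    name[n] = '\0';
    return set_log_file_name(name);
}

int main(void) {
    printf("255 chars: %d\n", try_name_of_length(255));
    printf("256 chars: %d\n", try_name_of_length(256));
    printf("300 chars: %d\n", try_name_of_length(300));
    return 0;
}
```

Rejecting an overlong name keeps the stored value and the file actually opened consistent, which silent truncation would not.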